author | Peter Levine <plevine457@gmail.com> | 2017-09-26 13:59:42 -0400 |
---|---|---|
committer | Ian Stakenvicius <axs@gentoo.org> | 2017-10-03 12:42:44 -0400 |
commit | ecba8795415dd571f894d457001f28d96c3f8a93 (patch) | |
tree | b69c1a1d51c22486083c870873ac5144efb18810 /tests/symlinkat-3.sh | |
parent | libsandbox: Fix path matching not to dumbly match prefixes (diff) | |
Ensure LD_LIBRARY_PATH is copied to my_env (v2.12)

Sandbox commit 55087abd8dc9802cf68cade776fe612a3f19f6a1 is for the purpose
of preventing a loop or deadlock caused by a package implementing its own
libc memory allocation functions, which themselves may call on sandbox-wrapped
system calls, whose implementation depends on further calls to such memory
functions. If any binaries export such symbols, sandbox assumes the worst
and prevents loading of libsandbox.so and instead opts for ptrace.

In preventing the loading of libsandbox, it removes all variables whose
env_pair.name field matches the name of an environment variable from the
environment, for all env_pairs of vars[] in
char **sb_check_envp(char **envp, size_t *mod_cnt, bool insert) in
"libsandbox/libsandbox.c". This includes not just the usual environment
variables prefixed with 'SANDBOX_' but also LD_PRELOAD and LD_LIBRARY_PATH.

LD_PRELOAD clearly should be removed. But LD_LIBRARY_PATH would only seem
to be trouble if used with LD_PRELOAD. As such it makes sense to me to
prevent the removal of LD_LIBRARY_PATH.

Given the fact that the positions of the env_pairs in vars[] are intended
to be hard-coded (from libsandbox.c: /* Indices matter -- see init below */),
this commit uses the index of the env_pair corresponding to LD_LIBRARY_PATH to
prevent its removal.
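
The index-based exemption the message describes, as an added sketch that is not code from this commit or from libsandbox: the table contents and order, `filter_env`, `env_is` and `IDX_LD_LIBRARY_PATH` are hypothetical names chosen for illustration, and the sample environment is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical table; names and order are constructed for this example.
 * As in the message above, the positions are hard-coded and matter. */
static const char *const strip_vars[] = {
    "LD_PRELOAD",      /* 0: always stripped on the ptrace fallback */
    "LD_LIBRARY_PATH", /* 1: exempted by index */
    "SANDBOX_ON",      /* 2 */
    "SANDBOX_LOG",     /* 3 */
};
enum { IDX_LD_LIBRARY_PATH = 1,
       NUM_VARS = sizeof(strip_vars) / sizeof(strip_vars[0]) };

/* True only if entry is "NAME=..." for exactly this name, not a longer one. */
static bool env_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Return a NULL-terminated copy of envp without the table's variables,
 * except the one at index keep. Strings are shared with envp, so the
 * caller frees only the returned array. */
char **filter_env(char *const envp[], size_t keep, size_t *removed)
{
    size_t count = 0, out = 0;
    while (envp[count]) count++;
    char **my_env = calloc(count + 1, sizeof(*my_env));
    if (!my_env) return NULL;
    *removed = 0;
    for (size_t i = 0; i < count; i++) {
        bool drop = false;
        for (size_t v = 0; v < NUM_VARS && !drop; v++)
            drop = (v != keep) && env_is(envp[i], strip_vars[v]);
        if (drop) (*removed)++;
        else my_env[out++] = envp[i];
    }
    return my_env;
}

int main(void)
{
    /* Constructed sample environment. */
    char *env[] = { "PATH=/usr/bin", "LD_PRELOAD=libsandbox.so",
                    "LD_LIBRARY_PATH=/opt/lib", "SANDBOX_ON=1", NULL };
    size_t removed;
    char **my_env = filter_env(env, IDX_LD_LIBRARY_PATH, &removed);
    for (char **p = my_env; p && *p; p++) puts(*p);
    free(my_env);
    return 0;
}
```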
Diffstat (limited to 'tests/symlinkat-3.sh')
0 files changed, 0 insertions, 0 deletions